From: German Gomez <german.gomez@arm.com>
To: linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org,
acme@kernel.org
Cc: German Gomez <german.gomez@arm.com>,
John Garry <john.garry@huawei.com>, Will Deacon <will@kernel.org>,
Mathieu Poirier <mathieu.poirier@linaro.org>,
Leo Yan <leo.yan@linaro.org>, Mark Rutland <mark.rutland@arm.com>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Jiri Olsa <jolsa@redhat.com>, Namhyung Kim <namhyung@kernel.org>,
linux-arm-kernel@lists.infradead.org, linux-csky@vger.kernel.org,
linux-riscv@lists.infradead.org
Subject: [PATCH v1 1/4] perf tools: Prevent out-of-bounds access to registers
Date: Wed, 1 Dec 2021 12:33:29 +0000 [thread overview]
Message-ID: <20211201123334.679131-2-german.gomez@arm.com> (raw)
In-Reply-To: <20211201123334.679131-1-german.gomez@arm.com>
The size of the cache of register values is arch-dependant
(PERF_REGS_MAX). This has the potential of causing an out-of-bounds
access in the function "perf_reg_value" if the local architecture
contains less registers than the one the perf.data file was recorded on.
Since the maximum number of registers is bound by the bitmask "u64
cache_mask", and the size of the cache when running under x86 systems is
64 already, fix the size to 64 and add a range-check to the function
"perf_reg_value" to prevent out-of-bounds access.
Signed-off-by: German Gomez <german.gomez@arm.com>
---
tools/perf/util/event.h | 5 ++++-
tools/perf/util/perf_regs.c | 3 +++
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/tools/perf/util/event.h b/tools/perf/util/event.h
index 95ffed663..c59331eea 100644
--- a/tools/perf/util/event.h
+++ b/tools/perf/util/event.h
@@ -44,13 +44,16 @@ struct perf_event_attr;
/* perf sample has 16 bits size limit */
#define PERF_SAMPLE_MAX_SIZE (1 << 16)
+/* number of register is bound by the number of bits in regs_dump::mask (64) */
+#define PERF_SAMPLE_REGS_CACHE_SIZE (8 * sizeof(u64))
+
struct regs_dump {
u64 abi;
u64 mask;
u64 *regs;
/* Cached values/mask filled by first register access. */
- u64 cache_regs[PERF_REGS_MAX];
+ u64 cache_regs[PERF_SAMPLE_REGS_CACHE_SIZE];
u64 cache_mask;
};
diff --git a/tools/perf/util/perf_regs.c b/tools/perf/util/perf_regs.c
index 5ee47ae15..06a7461ba 100644
--- a/tools/perf/util/perf_regs.c
+++ b/tools/perf/util/perf_regs.c
@@ -25,6 +25,9 @@ int perf_reg_value(u64 *valp, struct regs_dump *regs, int id)
int i, idx = 0;
u64 mask = regs->mask;
+ if ((u64)id >= PERF_SAMPLE_REGS_CACHE_SIZE)
+ return -EINVAL;
+
if (regs->cache_mask & (1ULL << id))
goto out;
--
2.25.1
WARNING: multiple messages have this Message-ID (diff)
From: German Gomez <german.gomez@arm.com>
To: linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org,
acme@kernel.org
Cc: German Gomez <german.gomez@arm.com>,
John Garry <john.garry@huawei.com>, Will Deacon <will@kernel.org>,
Mathieu Poirier <mathieu.poirier@linaro.org>,
Leo Yan <leo.yan@linaro.org>, Mark Rutland <mark.rutland@arm.com>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Jiri Olsa <jolsa@redhat.com>, Namhyung Kim <namhyung@kernel.org>,
linux-arm-kernel@lists.infradead.org, linux-csky@vger.kernel.org,
linux-riscv@lists.infradead.org
Subject: [PATCH v1 1/4] perf tools: Prevent out-of-bounds access to registers
Date: Wed, 1 Dec 2021 12:33:29 +0000 [thread overview]
Message-ID: <20211201123334.679131-2-german.gomez@arm.com> (raw)
In-Reply-To: <20211201123334.679131-1-german.gomez@arm.com>
The size of the cache of register values is arch-dependant
(PERF_REGS_MAX). This has the potential of causing an out-of-bounds
access in the function "perf_reg_value" if the local architecture
contains less registers than the one the perf.data file was recorded on.
Since the maximum number of registers is bound by the bitmask "u64
cache_mask", and the size of the cache when running under x86 systems is
64 already, fix the size to 64 and add a range-check to the function
"perf_reg_value" to prevent out-of-bounds access.
Signed-off-by: German Gomez <german.gomez@arm.com>
---
tools/perf/util/event.h | 5 ++++-
tools/perf/util/perf_regs.c | 3 +++
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/tools/perf/util/event.h b/tools/perf/util/event.h
index 95ffed663..c59331eea 100644
--- a/tools/perf/util/event.h
+++ b/tools/perf/util/event.h
@@ -44,13 +44,16 @@ struct perf_event_attr;
/* perf sample has 16 bits size limit */
#define PERF_SAMPLE_MAX_SIZE (1 << 16)
+/* number of register is bound by the number of bits in regs_dump::mask (64) */
+#define PERF_SAMPLE_REGS_CACHE_SIZE (8 * sizeof(u64))
+
struct regs_dump {
u64 abi;
u64 mask;
u64 *regs;
/* Cached values/mask filled by first register access. */
- u64 cache_regs[PERF_REGS_MAX];
+ u64 cache_regs[PERF_SAMPLE_REGS_CACHE_SIZE];
u64 cache_mask;
};
diff --git a/tools/perf/util/perf_regs.c b/tools/perf/util/perf_regs.c
index 5ee47ae15..06a7461ba 100644
--- a/tools/perf/util/perf_regs.c
+++ b/tools/perf/util/perf_regs.c
@@ -25,6 +25,9 @@ int perf_reg_value(u64 *valp, struct regs_dump *regs, int id)
int i, idx = 0;
u64 mask = regs->mask;
+ if ((u64)id >= PERF_SAMPLE_REGS_CACHE_SIZE)
+ return -EINVAL;
+
if (regs->cache_mask & (1ULL << id))
goto out;
--
2.25.1
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
WARNING: multiple messages have this Message-ID (diff)
From: German Gomez <german.gomez@arm.com>
To: linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org,
acme@kernel.org
Cc: German Gomez <german.gomez@arm.com>,
John Garry <john.garry@huawei.com>, Will Deacon <will@kernel.org>,
Mathieu Poirier <mathieu.poirier@linaro.org>,
Leo Yan <leo.yan@linaro.org>, Mark Rutland <mark.rutland@arm.com>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Jiri Olsa <jolsa@redhat.com>, Namhyung Kim <namhyung@kernel.org>,
linux-arm-kernel@lists.infradead.org, linux-csky@vger.kernel.org,
linux-riscv@lists.infradead.org
Subject: [PATCH v1 1/4] perf tools: Prevent out-of-bounds access to registers
Date: Wed, 1 Dec 2021 12:33:29 +0000 [thread overview]
Message-ID: <20211201123334.679131-2-german.gomez@arm.com> (raw)
In-Reply-To: <20211201123334.679131-1-german.gomez@arm.com>
The size of the cache of register values is arch-dependant
(PERF_REGS_MAX). This has the potential of causing an out-of-bounds
access in the function "perf_reg_value" if the local architecture
contains less registers than the one the perf.data file was recorded on.
Since the maximum number of registers is bound by the bitmask "u64
cache_mask", and the size of the cache when running under x86 systems is
64 already, fix the size to 64 and add a range-check to the function
"perf_reg_value" to prevent out-of-bounds access.
Signed-off-by: German Gomez <german.gomez@arm.com>
---
tools/perf/util/event.h | 5 ++++-
tools/perf/util/perf_regs.c | 3 +++
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/tools/perf/util/event.h b/tools/perf/util/event.h
index 95ffed663..c59331eea 100644
--- a/tools/perf/util/event.h
+++ b/tools/perf/util/event.h
@@ -44,13 +44,16 @@ struct perf_event_attr;
/* perf sample has 16 bits size limit */
#define PERF_SAMPLE_MAX_SIZE (1 << 16)
+/* number of register is bound by the number of bits in regs_dump::mask (64) */
+#define PERF_SAMPLE_REGS_CACHE_SIZE (8 * sizeof(u64))
+
struct regs_dump {
u64 abi;
u64 mask;
u64 *regs;
/* Cached values/mask filled by first register access. */
- u64 cache_regs[PERF_REGS_MAX];
+ u64 cache_regs[PERF_SAMPLE_REGS_CACHE_SIZE];
u64 cache_mask;
};
diff --git a/tools/perf/util/perf_regs.c b/tools/perf/util/perf_regs.c
index 5ee47ae15..06a7461ba 100644
--- a/tools/perf/util/perf_regs.c
+++ b/tools/perf/util/perf_regs.c
@@ -25,6 +25,9 @@ int perf_reg_value(u64 *valp, struct regs_dump *regs, int id)
int i, idx = 0;
u64 mask = regs->mask;
+ if ((u64)id >= PERF_SAMPLE_REGS_CACHE_SIZE)
+ return -EINVAL;
+
if (regs->cache_mask & (1ULL << id))
goto out;
--
2.25.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2021-12-01 12:34 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-01 12:33 [PATCH v1 0/4] Support register names from all architectures German Gomez
2021-12-01 12:33 ` German Gomez
2021-12-01 12:33 ` German Gomez
2021-12-01 12:33 ` German Gomez [this message]
2021-12-01 12:33 ` [PATCH v1 1/4] perf tools: Prevent out-of-bounds access to registers German Gomez
2021-12-01 12:33 ` German Gomez
2021-12-08 21:35 ` Jiri Olsa
2021-12-08 21:35 ` Jiri Olsa
2021-12-08 21:35 ` Jiri Olsa
2021-12-10 9:17 ` kajoljain
2021-12-10 9:17 ` kajoljain
2021-12-10 9:17 ` kajoljain
2021-12-10 13:38 ` Arnaldo Carvalho de Melo
2021-12-10 13:38 ` Arnaldo Carvalho de Melo
2021-12-10 13:38 ` Arnaldo Carvalho de Melo
2021-12-10 15:28 ` German Gomez
2021-12-10 15:28 ` German Gomez
2021-12-10 15:28 ` German Gomez
2021-12-10 16:19 ` Arnaldo Carvalho de Melo
2021-12-10 16:19 ` Arnaldo Carvalho de Melo
2021-12-10 16:19 ` Arnaldo Carvalho de Melo
2021-12-01 12:33 ` [PATCH v1 2/4] perf script: Add "struct machine" parameter to process_event callback German Gomez
2021-12-01 12:33 ` German Gomez
2021-12-01 12:33 ` German Gomez
2021-12-02 16:03 ` Athira Rajeev
2021-12-02 16:03 ` Athira Rajeev
2021-12-02 16:03 ` Athira Rajeev
2021-12-03 12:00 ` German Gomez
2021-12-03 12:00 ` German Gomez
2021-12-03 12:00 ` German Gomez
2021-12-13 18:22 ` Arnaldo Carvalho de Melo
2021-12-13 18:22 ` Arnaldo Carvalho de Melo
2021-12-13 18:22 ` Arnaldo Carvalho de Melo
2021-12-13 18:31 ` German Gomez
2021-12-13 18:31 ` German Gomez
2021-12-13 18:31 ` German Gomez
2021-12-13 19:59 ` Arnaldo Carvalho de Melo
2021-12-13 19:59 ` Arnaldo Carvalho de Melo
2021-12-13 19:59 ` Arnaldo Carvalho de Melo
2021-12-01 12:33 ` [PATCH v1 3/4] perf tools: Crete header files with register names German Gomez
2021-12-01 12:33 ` German Gomez
2021-12-01 12:33 ` German Gomez
2021-12-01 12:33 ` [PATCH v1 4/4] perf tools: Support register names from all architectures German Gomez
2021-12-01 12:33 ` German Gomez
2021-12-01 12:33 ` German Gomez
2021-12-03 9:38 ` German Gomez
2021-12-03 9:38 ` German Gomez
2021-12-03 9:38 ` German Gomez
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211201123334.679131-2-german.gomez@arm.com \
--to=german.gomez@arm.com \
--cc=acme@kernel.org \
--cc=alexander.shishkin@linux.intel.com \
--cc=john.garry@huawei.com \
--cc=jolsa@redhat.com \
--cc=leo.yan@linaro.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-csky@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-perf-users@vger.kernel.org \
--cc=linux-riscv@lists.infradead.org \
--cc=mark.rutland@arm.com \
--cc=mathieu.poirier@linaro.org \
--cc=namhyung@kernel.org \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.